: Wordpress site constantly bruted forced even though there is no wp-login.php page After being attacked many times and compromised I installed Sucuri for monitoring. Seeing how many times a day
After being attacked many times and compromised I installed Sucuri for monitoring.
Seeing how many times a day I was being brute forced, I decided to turn off the wp login page, but I still get notifications of a failed login.
How is this possible if there's no login page to speak of on my site? How can bots access that page or try to login if it is not present?
More posts by @Kristi941
1 Comments
Sorted by latest first Latest Oldest Best
Bots are endlessly looking for ways to get into your Wordpress site and there are many more than just the standard 'wp-login.php' address.
There is also the /wp-admin/ in addition to wp-login.php, as well as comment sections, and other user profile pages that all may or may not be serving one way or another to approach the user login.
The bots could also potentially have discovered your new login address, especially if you used something in the phrasing such as "admin" "login" "logon" etc.
I would suggest blocking IP addresses after a certain number of failed attempts to login. It will not stop all the bots, but at least you are pro-actively defending your site from brute force attacks.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.